<?php
// $Id$

/**
 * Controller_Utility 控制器
 * 专用于封装 download 等服务型非业务逻辑
 */
class Controller_Utility extends Controller_Abstract
{

   /**
    * 要先检查是否有权限下载
    *
    * @var boolean $allowDownload
    */
    public function actionDownload()
    {
        # schema alternation:
        # news : NewsAttachment,  attachment_id  ,path, filename
        # file : File,            file_id        ,path, filename
        # tdoc : Tdocs,           tdoc_id        ,path, filename
        $Gmode = isset($_GET['mode']) ? $_GET['mode'] : NULL;

        // Error handling 初步检查id ，必须满足数字类型
        $Gid = isset($_GET['attachment_id']) && is_numeric($_GET['attachment_id']) ? $_GET['attachment_id'] : NULL;
      if(!$Gid)
      {
         $Gid = isset($_GET['id']) && is_numeric($_GET['id']) ? $_GET['id'] : NULL;
      }
      if(!$Gid)
      {
         $Gid = isset($_GET['id']) && is_numeric($_GET['id']) ? $_GET['id'] : NULL;
      }
        // Error handling 测试是否存在这个id，不存在说明被恶意注入，此时返回文件列表

        if(!$Gmode)
        {
            return $this->_redirect(url('home/index'));
        }

        switch($Gmode)
        {
            case 'news' :
                $DbName            = 'NewsAttachment';
                $IdIndexName       = 'attachment_id';
            $allowDownload     = TRUE;
                break;
            case 'file' :
                $DbName            = 'File';
                $IdIndexName       = 'file_id';
            $allowDownload     = TRUE;
                break;
            case 'tdoc' :
                $DbName            = 'Tdoc';
                $IdIndexName       = 'tdoc_id';
            $allowDownload     = FALSE;

            // 需要用到这个值，初始化
            if(!isset($_SESSION['currentTeacherId']))
            {
               $_SESSION['currentTeacherId'] = 'noteacher';
            }

            // 判断是否允许下载
            if(TDoc::find('tdoc_id = ?', $Gid)->query()->teacher_id == $_SESSION['currentTeacherId'])
            {
               $allowDownload = TRUE;
            }

                break;

            default :

                return $this->_redirect(url('home/index'));
        }

        do
        {
            if($Gid && $allowDownload)
            {
                $instance = new $DbName();
                $myFile = $instance->find($IdIndexName.' = ?', $Gid)->query();
                if($myFile->$IdIndexName == '')
                {
                    break;
                }

                // IE 必须要 urlencode 链接， Firefox 可以直接识别
                // 浏览器识别代码， 需要每个都测试
                if(strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== FALSE)
                {
                    Helper_SendFile::sendFile($myFile->path, urlencode($myFile->filename));
                }
                else
                {
                    Helper_SendFile::sendFile($myFile->path, $myFile->filename);
                }
                return;
            }

            break;

        } while(false);

        //CIB::_SQL_error();
      return $this->_redirect(url('home/index'));
    }
}